A security vulnerability in GitLab, tracked as CVE-2023-4532, affects the 16.4 release series and allows authenticated users to link CI/CD jobs of private projects they are not members of. This article summarises the issue, shows an illustrative code snippet of the underlying authorization mistake, and lists the affected and fixed versions together with a pointer to GitLab's advisory.

Affected versions: all versions starting from 16.4 before 16.4.1

The issue is an authorization gap: users were able to link CI/CD jobs of private projects without being a member of those projects. Private projects are expected to expose their pipelines and jobs only to members, so any path that lets an outsider reference or attach such a job undermines the confidentiality of the project's CI/CD data.

Here is an illustrative snippet, written for this article and not taken from GitLab's source, of the kind of authorization mistake behind this class of bug:

def link_private_project_ci_cd_job(user, current_project, params)
  # The permission check is evaluated against the project the user is
  # currently working in, which they are allowed to read.
  return false unless user.can?(:read_ci_cd_jobs, current_project)

  # The job is then looked up by a global id with no scoping, so a job id
  # that belongs to a private project the user is not a member of resolves too.
  ci_cd_job = CiJob.find(params[:job_id])
  link_ci_cd_job_to_user(user, ci_cd_job)
end

The flaw is not the user.can? call itself but what it is checked against: the user's own project rather than the project that owns the job. Because the job lookup is unscoped, a non-member who knows or guesses a job id from a private project can link that job. The fix is to authorize against the job's owning project (or to scope the lookup to projects the user can read) before the link is created.
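The following is an added, runnable example (not GitLab's code) that models projects, members and jobs in memory and puts the flawed link check beside a hardened one. All names (Project, CiJob, User, the sample users and projects) are hypothetical and the data is constructed for the example.

```ruby
# Added example, not GitLab's code. Toy model of projects, memberships and
# CI/CD jobs with a vulnerable and a hardened "link job" operation.

Project = Struct.new(:id, :name, :visibility, :member_ids) do
  def private?
    visibility == :private
  end

  def member?(user)
    member_ids.include?(user.id)
  end
end

CiJob = Struct.new(:id, :project)
User  = Struct.new(:id, :name)

# Constructed sample data: one public and one private project, one job each.
ALICE   = User.new(1, "alice")    # member of both projects
MALLORY = User.new(2, "mallory")  # member of the public project only
PUBLIC_PROJECT  = Project.new(10, "docs",    :public,  [1, 2])
PRIVATE_PROJECT = Project.new(11, "secrets", :private, [1])
JOBS = {
  100 => CiJob.new(100, PUBLIC_PROJECT),
  101 => CiJob.new(101, PRIVATE_PROJECT),
}

# Minimal policy: a user may read a project's jobs if the project is public
# or the user is a member of it.
def can_read_jobs?(user, project)
  !project.private? || project.member?(user)
end

# Vulnerable: authorization is evaluated against the project the user is
# working in, but the job is resolved by global id, so a job owned by any
# other project, including a private one, can be linked.
def link_job_vulnerable(user, current_project, job_id)
  return :denied unless can_read_jobs?(user, current_project)
  job = JOBS[job_id]
  return :not_found unless job
  { linked: job.id, from: job.project.name }
end

# Hardened: resolve the job, then authorize against the project that owns
# it. A job the user may not read is reported exactly like a missing one, so
# the endpoint cannot be used to enumerate private job ids.
def link_job_hardened(user, current_project, job_id)
  return :denied unless can_read_jobs?(user, current_project)
  job = JOBS[job_id]
  return :not_found unless job && can_read_jobs?(user, job.project)
  { linked: job.id, from: job.project.name }
end

if __FILE__ == $PROGRAM_NAME
  # Mallory works in the public project and supplies the private project's job id.
  p link_job_vulnerable(MALLORY, PUBLIC_PROJECT, 101) # => {:linked=>101, :from=>"secrets"}
  p link_job_hardened(MALLORY, PUBLIC_PROJECT, 101)   # => :not_found
  p link_job_hardened(ALICE, PUBLIC_PROJECT, 101)     # => {:linked=>101, :from=>"secrets"}
end
```

The hardened version keeps the original check on the current project (the user must be allowed to act there at all) and adds the check that actually matters for this bug: the one against the project that owns the referenced job. Scoping the lookup to the current project would be an equally valid fix where cross-project links are not a supported feature.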

References and Mitigations

GitLab has acknowledged the vulnerability and released a patched version. Administrators of affected instances should upgrade to it:

GitLab 16.4.1 for users on the 16.4 series
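As an added helper (not GitLab's tooling), the following Ruby decides from the JSON body of the authenticated GitLab endpoint GET /api/v4/version whether an instance falls in the affected range, i.e. 16.4.0 or later but earlier than 16.4.1. The sample responses are constructed; their shape follows the endpoint's documented output, the values are made up.

```ruby
require "json"

# Added example, not GitLab's code. Affected range for CVE-2023-4532 as
# stated in the advisory: all versions from 16.4 before 16.4.1.
AFFECTED_FROM = Gem::Version.new("16.4.0")
FIXED_IN      = Gem::Version.new("16.4.1")

def affected_by_cve_2023_4532?(version_string)
  # GitLab EE reports versions such as "16.4.0-ee"; drop the edition suffix
  # before comparing. Gem::Version treats any remaining "-x" as a prerelease,
  # so "16.4.0-pre" sorts below 16.4.0 and is reported as not affected.
  v = Gem::Version.new(version_string.sub(/-(ee|ce)\z/, ""))
  v >= AFFECTED_FROM && v < FIXED_IN
end

# Takes the raw JSON body of GET /api/v4/version and returns the parsed
# version together with the verdict.
def check_version_response(json_body)
  version = JSON.parse(json_body).fetch("version")
  { version: version, affected: affected_by_cve_2023_4532?(version) }
end

# Constructed sample responses.
SAMPLE_AFFECTED = '{"version":"16.4.0-ee","revision":"abc1234"}'
SAMPLE_FIXED    = '{"version":"16.4.1","revision":"def5678"}'

if __FILE__ == $PROGRAM_NAME
  p check_version_response(SAMPLE_AFFECTED) # => {:version=>"16.4.0-ee", :affected=>true}
  p check_version_response(SAMPLE_FIXED)    # => {:version=>"16.4.1", :affected=>false}
end
```

In practice the body would come from a request such as curl -H "PRIVATE-TOKEN: ..." https://gitlab.example.com/api/v4/version; the check itself runs offline on the saved response.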

For further details, refer to GitLab's official security release announcement for 16.4.1, which covers this issue: GitLab Security Advisory for CVE-2023-4532

Conclusion

CVE-2023-4532 is an authorization flaw that puts the confidentiality of private projects' CI/CD data at risk: users who are not members of a private project were able to link its CI/CD jobs. Instances on the 16.4 series should be upgraded to 16.4.1 or later; administrators who want to confirm exposure can compare the instance version against the affected range before and after the upgrade.

Timeline

Published on: 09/29/2023 07:15:00 UTC
Last modified on: 10/03/2023 19:28:00 UTC